Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

USN-7886-1

UNKNOWN

python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4 vulnerabilities

Published Nov 24, 2025

Modified 1 months ago

Fix available

Details

It was discovered that Python inefficiently handled expanding system environment variables. An attacker could possibly use this issue to cause Python to consume excessive resources, leading to a denial of service. (CVE-2025-6075)

Caleb Brown discovered that Python incorrectly handled the ZIP64 End of Central Directory (EOCD) Locator record offset value. An attacker could possibly use this issue to obfuscate malicious content. (CVE-2025-8291)

Affected Packages

Ubuntu:22.04:LTSpython3.10

Fixed in:

3.10.12-1~22.04.12

Ubuntu:24.04:LTSpython3.12

Fixed in:

3.12.3-1ubuntu0.9

Ubuntu:Pro:14.04:LTSpython3.4

Fixed in:

3.4.3-1ubuntu1~14.04.7+esm17

Ubuntu:Pro:14.04:LTSpython3.5

Fixed in:

3.5.2-2ubuntu0~16.04.4~14.04.1+esm8

Ubuntu:Pro:16.04:LTSpython3.5

Fixed in:

3.5.2-2ubuntu0~16.04.13+esm20

Ubuntu:Pro:18.04:LTSpython3.6

Fixed in:

3.6.9-1~18.04ubuntu1.13+esm7

Ubuntu:Pro:18.04:LTSpython3.7

Fixed in:

3.7.5-2ubuntu1~18.04.2+esm8

Ubuntu:Pro:18.04:LTSpython3.8

Fixed in:

3.8.0-3ubuntu1~18.04.2+esm7

Ubuntu:Pro:20.04:LTSpython3.8

Fixed in:

3.8.10-0ubuntu1~20.04.18+esm3

Ubuntu:Pro:20.04:LTSpython3.9

Fixed in:

3.9.5-3ubuntu0~20.04.1+esm7

Ubuntu:Pro:22.04:LTSpython3.11

Fixed in:

3.11.0~rc1-1~22.04.1~esm6

Timeline

PublishedNov 24, 2025

ModifiedNov 24, 2025

USN-7886-1 | Mondoo Vulnerability Intelligence

USN-7886-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline